HIPAA Secure Texting

Camera Security: An Oft Overlooked Threat To HIPAA Secure Messaging

September 4, 2014 | Adam Turinas

The recent leak of Jennifer Lawrence’s privately shared nude photos have many wondering how secure is Apple’s iCloud? The leak also has many questioning how safe sensitive patient health information will be on Apple’s soon to be released Health Kit Platform.

The private photos of Jennifer Lawrence and dozens of celebrities were leaked by cyberhackers who compromised their iCloud login information. In the same way that Jennifer Lawrence’s private photos were leaked on the Internet, images taken by your clinician could be at risk, too.

It is common practice for clinicians to take photos of patient wounds or skin conditions and then text them to a colleague. While this is a quick and convenient way for clinicians to collaborate, it is a significant HIPAA violation as PHI is being shared in a non-secure way.

The risk is significant if the clinician’s phone is enabled to save images through iCloud. Even worse, if your clinicians are using an Android phone and photos are automatically stored on Picassa or Google+, patient images could be displayed online through clinicians’ Picassa accounts every time their phone syncs. Even if these cloud-based services are disabled, every time the phone is backed up, there is a potential breach if precautions are not taken.

The bottom line is that when it comes to HIPAA compliance and secure messaging, the security of the camera is as important as the message’s security

When you are evaluating secure text solutions you need to know that when a clinician takes a picture using the HIPAA text app, the image will not be stored on their smartphone’s photo gallery or left unencrypted in the phone’s memory. Some solutions use the Smartphone’s native application to take photos, which in most cases sync with the mobile platform’s cloud services. This is not secure. The risk is that once the Android, iPhone or other smartphone device uploads those images into their personal iCloud or Picassa account they are potentially shareable.

Here is how Practice Unite ensures the security and HIPAA compliance of images taken through the app. When a clinician takes a photo using Practice Unite, the photo is stored on the same secure servers where the messages are securely stored. A user can save, view and share images from the server but the images are not in their phone’s native gallery. Furthermore, when being used in the app, images are encrypted to provide better protection.

This means that when the phone syncs, the images taken with Practice Unite cannot end in iCloud or Picassa. Moreover when the images are sent, they use the same encryption as secure texts.

Download our checklist on how to compare the capabilities of secure text providers, and discover more lesser known capabilities HIPAA text apps should offer.